IoT security risks ignored by enterprise systems

By Edd Gent

Published Thursday, August 20, 2015

More than two-thirds of IT professionals feel they are forced to adopt smart devices in spite of the security risks, a survey has found.

As many as 68 per cent of respondents to a survey of 270 attendees at Infosecurity Europe 2015 in London said business efficiency requirements are forcing organisations to adopt insecure Internet of Things (IoT) devices.

While research firm IDC anticipates these devices will add $1.9 trillion to the global economy, of which 80 per cent will be derived from services, they will also open new attack vectors for enterprise networks.

Although 87 per cent of respondents to the survey by cyber-security firm Tripwire said their organisation has a policy which places restrictions on employees connecting smart tools to the corporate network, 62 per cent admitted they’ve already connected personal devices.

“Even though many organizations have policies against connecting personal smart devices to their corporate networks, employees often feel that connecting these devices via USB to charge them isn’t a problem,” said Ken Westin, security analyst for Tripwire.

“I’ve heard a number of stories about the security alerts generated when employees plug their smart phones into point-of-sale devices, a practice that can easily introduce additional risk.

When purchasing a new smart device, 73 per cent of the respondents said their primary concern is functionality, not security, and over a quarter of the respondents (27 per cent) already own between five and ten smart devices excluding smart phones and laptops.

"This is really an education problem," added Westin. "Employees need a better understanding of the risks involved and IT teams need to provide reasonable options so employees can remain productive without increasing security risks to the organization.”